<?php

$json = array('status' => 'error', 'msg' => 'error', 'data' => '');
$usr = fn_post('usr');
$pwd = fn_post('pwd');

if (!$usr) {
	$json['msg'] = '用户名或密码错误!';
} elseif (!$pwd) {
	$json['msg'] = '密码或用户名错误!';
} else {
	$admin = $this->website['class']['db']
		->table('user_admin')
		->field('id', 'pwd', 'uname', 'authority','authoritylist')
		->where('uname = ?', $usr)
		->one();
	$json['data'] = $admin;
	if ($admin['visible'] == '0') {
		$json['msg'] = '已禁用!';
	}if (!($admin['pwd'] ?? false)) {
		$json['msg'] = '无效用户，请重新登录!';
	} elseif (password_verify($admin['id'] . $pwd, $admin['pwd'])) {
		unset($admin['pwd']);
		$json['status'] = 'ok';
		$json['msg'] = 'ok';
		$admin['key'] = password_hash($admin['id'] . $this->website['safe']['key'] . date('Ymd'), PASSWORD_DEFAULT);

		$_SESSION['admin'] = json_encode($admin);
		$json['admin'] = $admin;

		// 自动登录写入cookie-安全期间不使用
		// $auto = password_hash($admin['id'].$this->website['safe']['key'],PASSWORD_DEFAULT);
		// setcookie('auto',$auto,86400);
		// setcookie('uid',$admin['id'],86400);
	} else {
		unset($admin['pwd']);
		$json['msg'] = '登录失败,重新输入用户名密码!';
	}

}

echo json_encode($json);
